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We describe the use of quantum process calculus to describe and analyze quantum communication 
protocols, following the successful field of formal methods from classical computer science. The key 
idea is to define two systems, one modelling a protocol and one expressing a specification, and prove 
that they are behaviourally equivalent. We summarize the necessary theory in the process calculus 
CQP, including the crucial result that equivalence is a congruence, meaning that it is preserved by 
embedding in any context. We illustrate the approach by analyzing two versions of a quantum error 
correction system. 

1 Introduction 

Quantum process calculus is a generic term for a class of formal languages with which to describe and 
analyze the behaviour of systems that combine quantum and classical computation and communication. 
Quantum process calculi have been developed as part of a programme to transfer ideas from the field 
of formal methods, well established within classical computer science, to quantum systems. The field 
of formal methods provides theories, methodologies and tools for verifying the correctness of comput- 
ing systems, usually systems that involve concurrent, communicating components. The motivation for 
developing quantum formal methods is partly to provide a conceptual understanding of concurrent, com- 
municating quantum systems, and partly to support the future development of tools for verifying the 
correctness of practical quantum technologies such as cryptosystems. 

Our own approach is based on a particular quantum process calculus called Communicating Quan- 
tum Processes (CQP), developed by Gay and Nagarajan [5]. Recent work on CQP has addressed the 
question of defining behavioural equivalence between processes, which formalizes the idea of observa- 
tional indistinguishability. The aim is to support the following methodology for proving correctness of a 
system. First, define System, a process that models the system of interest. Second, define Specification, a 
simpler process that directly expresses the desired behaviour of System. Third, prove that these two pro- 
cesses are equivalent, meaning indistinguishable by any observer: System = Specification. This approach 
works best when the notion of equivalence is a congruence, meaning that it is preserved by inclusion in 
any environment. While there have been several attempts to define a congruence for a quantum process 
calculus, the problem has only recently been solved: for CQP, reported in Davidson's PhD thesis and 
independently for qCCS by Feng et al. [4|. 
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The present paper begins in Section |2] by reviewing the language of CQP and illustrating it with a 
model of a quantum error correcting code. Section [3] then summarizes the theory of behavioural equiv- 
alence for CQP, which has not previously been published other than in Davidson's thesis, and applies it 
to the error correcting code. Section |4] analyzes the system in the presence of errors that cannot be cor- 
rected. Finally, Section [5] concludes with an indication of directions for future work. The contributions 
of the paper are the first publication of the definition of a congruence for CQP, and the application of 
CQP congruence to examples beyond the teleportation and superdense coding systems that have been 
considered previously. 

Related Work Lalire ifTOl defined a probabilistic branching bisimilarity for the process calculus QPAlg, 
based on the branching bisimilarity of van Glabbeek and Weijland f9l, but it was not preserved by paral- 
lel composition. Feng et al. [3] developed qCCS and defined strong and weak probabilistic bisimilarity. 
Their equivalences are preserved by parallel composition with processes that do not change the quantum 
context. A later version of qCCS ITTl excluded classical information and introduced the notion of ap- 
proximate bisimilarity as a way of quantifying differences in purely quantum process behaviour. Their 
strong reduction-bisimilarity is a congruence is not sufficient for the analysis of most interesting quan- 
tum protocols, as the language does not include a full treatment of measurement. In recent work, Feng 
et al. define a new version of qCCS and prove that weak bisimilarity is a congruence. They apply 
their result to quantum teleportation and superdense coding. The details of their equivalence relation 
are different from our full probabilistic branching bisimilarity, and a thorough comparison awaits further 
work. 

The work presented in this paper contrasts with previous work on model-checking quantum systems. 
The QMC (Quantum Model-Checker) system fT, "8] is able to verify that a quantum protocol satisfies a 
specification expressed in a quantum logic, by exhaustively simulating every branch of its behaviour. The 
use of logical formulae is known as property-oriented specification, in distinction to the process-oriented 
specifications considered in the present paper. Because of the need for efficient simulation, QMC uses 
the stabilizer formalism inHl and is limited to Clifford group operations. Nevertheless, this is sufficient for 
the analysis of a simple error correcting code, and such an analysis appears in [8|. There are two main 
advantages of the process calculus approach. First, because we are using pen-and-paper reasoning rather 
than computational simulation, there is no restriction to stabilizer states. Second, the fact that equivalence 
is a congruence means that we can use equational reasoning to deduce further equivalences, whereas in 
the model-checking approach we only obtain the particular fact that is checked. The disadvantage of 
the process calculus approach is that, unUke the situation for classical process calculus, equivalence- 
checking has not yet been automated. 

2 Communicating Quantum Processes (CQP) 

CQP HI is a process calculus for formally defining the structure and behaviour of systems that combine 
quantum and classical communication and computation. It is based on pi-calculus |[T2l [T3l . with the 
addition of primitive operations for quantum information processing. The general picture is that a system 
consists of a number of independent components, or processes, which can communicate by sending data 
along channels. In particular, qubits can be transmitted on channels. One of the distinctive features of 
CQP is its type system, which ensures that operations can only be applied to data of the appropriate 
type. The type system is also used to enforce the view of qubits as physical resources, each of which 
has a unique owning process at any given time. If a qubit is send from A to B, then ownership is 
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transferred and A can no longer access it. Although typing is important, we will not discuss it in detail in 
the present paper; however, our CQP definitions will include type information because it usually forms 
useful documentation. Also, in the present paper, we will not give a full formal definition of the CQP 
language. Instead, in the next section, we will explain it informally in relation to our first model of a 
quantum error correction system. 

2.1 Error Correction: A First Model 

Our model of a quantum enor correction system consists of three processes: Alice, Bob and Noise. 
Alice wants to send a qubit to Bob over a noisy channel, represented by Noise. She uses a simple error 
correcting code based on threefold repetition |[T4l Chapter 10]. This code is able to correct a single bit- 
flip error in each block of three transmitted qubits, so for the purpose of this example, in each block of 
three qubits. Noise either applies X to one of them or does nothing. Bob uses the appropriate decoding 
procedure to recover AZ/ce's original qubit. The CQP definition of Alice is as follows. 

Alice{a :^Qbit] , b :^Qbit, Qbit, Qbit] ) = 

(qbit 3',z)a?[x: Qbit] . {x,z*= CNot} .{x,y*= CNot} .bl[x,y,z] .0 

Alice is parameterized by two channels, a and b. In order to give Alice a general definition independent 
of the qubit to be sent to Bob, she will receive the qubit on channel a. The type of a is^Qbit], which 
is the type of a channel on which each message is a qubit. Channel b is where Alice sends the encoded 
qubits. Each message on b consists of three qubits, as indicated by the type^Qbit, Qbit, Qbit]. 

The right hand side of the definition specifies Alice's behaviour. The first term, (qbit y,z), allocates 
two fresh qubits, each in state |0), and gives them the local names y and z. Then follows a sequence of 
terms separated by dots. This indicates temporal sequencing, from left to right. a7[x: Qbit] specifies that 
a qubit is received from channel a and given the local name x. The term {x,z*= CNot} specifies that 
the CNot operation is applied to qubits x and z; the next term is similar. These operations implement the 
threefold repetition code: if the intial state of x is |0) (respectively, |1)) then the state of x,y,z becomes 
1 000) (respectively, 1 11 1)). In general, of course, the initial state of x may be a superposition, and then so 
wiU be the final state of x,y,z. Finally, the term b\ [x,y,z] means that the qubits x,y,z are sent as a message 
on channel b. The term simply indicates termination. 

We model a noisy quantum channel by the process Noise, which receives three qubits from channel b 
(connected to Alice) and sends three (possibly corrupted) qubits on channel c (connected to Bob). Noise 
has four possible actions: do nothing, or apply X to one of the three qubits. These actions are chosen with 
equal probability. We produce probabilistic behaviour by introducing fresh qubits in state |0), applying H 
to put them into state -^(|0) + 1 1)), and then measuring in the standai^d basis. The definition of Noise is 
split into two sub-processes, of which the first, NoiseRnd, produces two random classical bits and sends 
them to the second, NoiseErr, on channel p. This programming style, using internal messages instead of 
assignment to variables, is typical of pi-calculus. 

NoiseRnd{p-r\^\X,h\t]) = (qbit m,v){m*= H} .{v*= H} .;?! [measure m, measure v] .0 

The process NoiseErr receives three qubits from channel b, and two classical bits from channel p. 
It interprets the classical bits, locally named j and k, as instructions for corrupting the qubits. This uses 
appropriate Boolean combinations of j and k to construct conditional quantum operations such as X^*^. 



NoiseErr{b :n;Qbit, Qbit, Qbit] , p ■r[b\t, bit] , c :^Qbit, Qbit, Qbit]) = 

Z7?[x:Qbit,3;:Qbit,z:Qbit].;??[j:bit,it:bit].{x*=X^''=}.{3;*=X^'^}.{z*=x7^}.c![x,3;,z].0 
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The complete Noise process consists of NoiseRnd and NoiseErr in parallel, indicated by the vertical 
bar. Channel p is designated as a private local channel; this is specified by (new p). This construct 
comes from pi-calculus, where it can be used to dynamically create fresh channels, but here we are using 
it in the style of older process calculi such as CCS, to indicate a channel with restricted scope. Putting 
NoiseRnd and NoiseErr in parallel means that the output on p in NoiseRnd synchronizes with the input 
on p in NoiseErr, so that data is transferred. 

A/^owe(Z7:^Qbit,Qbit,Qbit],cnQbit,Qbit,Qbit]) = (new p){NoiseRnd{p)\ NoiseErr {b,p,c)) 

Bob consists of BobRec and BobCorr, where BobRec receives the qubits and measures the error 
syndrome, and BobCorr applies the appropriate correction. An internal channel p is used to transmit the 
result of the measurement, as well as the original qubits, again in pi-calculus style. After correcting the 
error in the group of three qubits, BobCorr reconstructs a quantum state in which qubit x has the original 
state received hy Alice and is separable from the auxiliary qubits. Finally, BobCorr outputs x on channel 
d. 

BobRec{c i^Qbit, Qbit, Qbit] :^Qbit, Qbit, Qbit, bit, bit]) = (qbit s, t)cl[x : Qbit, j : Qbit,z : Qbit] . 
{x,s*= CNot} . {y,s*= CNot} . {x,t *= CNot} . {z,t*= CNot} .p\[x,y,z, measure s, measure t] .0 

BobCorr{p HQbit, Qbit, Qbit, bit, bit] , J HQbit]) = pl[x: Qb\t,y: Qbit,z : Qbit, j : bit, A: : bit] . 
{x*= Xi''} . {y *= X-''^} . {z *= X^*^} . {x,y *= CNot} . {x,z*= CNot} .d\[x].0 

BoZ^(c:^Qbit,Qbit,Qbit],t/nQbit]) = (new p){BobRec{c,p)\BobCorr{p,d)) 

The overall effect of the error correcting system is to input a qubit from channel a and output a qubit, 
in the same state, on channel d, in the presence of noise. The complete system is defined as follows. 



When we consider correctness of the error correction system, we will prove that QECC is equivalent 
to the following identity process, which by definition transmits a single qubit faithfully. 



2.2 Semantics of CQP 

The intended behaviour of the processes in the error correction system was described informally in the 
previous section, but in fact the behaviour is precisely specified by the formal semantics of CQP. In this 
section we will explain the formal semantics, although without giving all of the definitions. Full details 
can be found in Davidson's PhD thesis [2J. 

In classical process calculus, the semantics is defined by labelled transitions between syntactic pro- 
cess terms. For example, a process of the form c![2] .P, where P is some continuation process, has the 
transition 



The label c![2] indicates the potential interaction of the process with the environment. In order for this 
potential interaction to become an actual step in the behaviour of a system, there would have to be another 
process, ready to receive on channel c. A suitable process is cl[x] .Q, where Q is some continuation 
process. The labelled transition representing the potential input is 



QECC{a :^Qbit] , d HQbit] ) = (new Z^, c) {Alice{a,b) \ Noise{b,c) \ Bob{c,d) ) 



Identity {a :^Qbit] , d HQbit]) = a7[x: Qbit] .d\[x].0 




(1) 




(2) 
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Here v stands for any possible input value, and Q{v/x} means Q with the value v substituted for the 
variable x. If these two processes are put in parallel then each has a partner for its potential interaction, 
and the input and output can synchronize, resulting in a T transition which represents a single step of 
behaviour: 

c![2].P|c?[x].e^P|e{2/4. 

The complete definition of the semantics takes the form of a collection of labelled transition rules. Tran- 
sition ([Hi becomes a general rule for output if the value 2 is replaced by a general value v. Transition Q 
is a general rule for input. The interaction between input and output is defined by the rule 



P\Q^P'\Q' 



which specifies that if the transitions above the line (hypotheses) aie possible then so is the transition 
below the line (conclusion). Full details of this style of semantics, in relation to pi-calculus, can be found 
inlElIBl. 

To define the semantics of a quantum process calculus such as CQP, we need to include a representa- 
tion of the quantum state. Because of entanglement, the quantum state is a global property. It also turns 
out to be necessary to specify which qubits in the global quantum state are owned by (i.e. accessible to) 
the process term under consideration. We work with configurations such as 

{[q,r^ ^{\00) + \U))];q;c\[q].P). (3) 

This configuration means that the global quantum state consists of two qubits, q and r, in the specified 
state; that the process term under consideration has access to qubit q but not to qubit r ; and that the 
process itself is cl[q].P. Now consider a configuration with the same quantum state but a different 
process term: 

{[q,r^ ^{m + \n))];r,dl[r].Q). 
The parallel composition of these configurations is the following: 

{[q,r^^{\0O) + \n))];q,r;c\[q].P\d\[r].Q) 

where the quantum state is still the same. 

The semantics of CQP consists of labelled transitions between configurations, which are defined in 
a similar way to classical process calculus. For example, configuration ^ has the transition 

([^,r.^-L(|OO) + |ll))];^;c![g].P)^([g,r^-l=(|OO) + |ll))];0;P). 

The quantum state is not changed by this transition, but because qubit q is output, the continuation 
process P no longer has access to it; the final configuration has an empty list of owned qubits. 

Previous papers on CQP (F. '61 defined the semantics in a different style. Instead of labelled transi- 
tions there were reductions, corresponding to T transitions, and these were defined directly. However, al- 
though reduction semantics allows the behaviour of a complete system to be defined, labelled transitions 
and their interpretation as potential interactions are necessary in order to define equivalence between 
processes, which is the focus of the present paper. 
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As well as the different style of definition used in previous work, there is a very significant difference 
in the way that the semantics treats quantum measurement. In the original reduction semantics of CQP, a 
measurement leads to a probability distribution over configurations, which at the next step reduces prob- 
abilistically to one particular configuration. But in order for equivalence of processes to have the crucial 
property of congruence, the semantics must incorporate a more sophisticated analysis of measurement, 
in which mixed configurations play an essential role. 

If the result of a quantum measurement is not made available to an observer then the system is 
considered to be in a mixed state, but it is not sufficient to simply write a mixed quantum state in a 
configuration. In general the mixture includes the process term, because the measurement result occurs 
within the term. 

Example 1 ([<7 1-^ ao|0) + ai|l)];g;c![measure 17].^) — ^ ©,g{o.i} {[q^\i)\,q;Xx»c\[x].P;i). 

This transition represents the effect of a measurement, within a process which is going to output 
the result of the measurement; the output, however, is not part of the transition, which is why it is a 
T transition and the process term on the right still contains c![]. The configuration on the left is a pure 
configuration, as described before. On the right we have a mixed configuration in which the © ranges over 
the possible outcomes of the measurement and the |a, p are the weights of the components in the mixture. 
The quantum state [q^ \ i)] corresponds to the measurement outcome. The expression Ax»c![x] .Pis not a 
A -calculus function, but represents the fact that the components of the mixed configuration have the same 
process structure and differ only in the values corresponding to measurement outcomes. The final term 
in the configuration, /, shows how the abstracted variable x should be instantiated in each component. 
Thus the Xx represents a term into which expressions may be substituted, which is the reason for the A 
notation. So the mixed configuration is essentially an abbreviation of 

l«oP(k^|0)];^;c![0].P{OA})©|ai|2([g^|l)];g;c![l].P{lA}). 

If a measurement outcome is output then it becomes apparent to an observer which of the possible 
states the system is in. This is represented by probabilistic branching, after which we consider that 
system to be in one branch or the other — it is no longer a mixture of the two. Example |2] shows 
the effect of the output from the final configuration of Example [T] The output transition produces the 
intermediate configuration, which is a probability distribution over pure configurations (in contrast to a 
mixed configuration; note the change from © to ffl). Because it comes from a mixed configuration, the 
output transition contains a set of possible values. From the intermediate configuration there are two 

possible probabilistic transitions, of which one is shown ( ^ ). 
Example 2 

©,■£{0,1} {[q^\i)];q;Xx*c\[x].P;i) "'^H^^ 

ffl!e{o,i}l«rR[^^ ^ |0)];^;Ax»P;0) 

Measurement outcomes may be communicated between processes without creating a probability 
distribution. In these cases an observer must still consider the system to be in a mixed configuration. In 
Example [3]there is a mixed configuration on the left, with arbitrary weights gi, which we imagine to have 
been produced by a measurement. However, there is now a receiver for the output. Although there is no 
difference in process Q between the two components of the mixed configuration, we include it in the A 
because the communication will propagate the different possible values for x to Q. 
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Example 3 

©;e{o.i} 8i i[q^\i)];g;Xx»{d[x].P II c?M.e);0 ^©/e{o,i} gi ([^ ^ |/)];^; Ax. II Q{x/y}y,i) 

The full definition of the labelled transition semantics covers more complex possibilities. For exam- 
ple, if incomplete information about a measurement is revealed, the resulting configuration is in general 
a probability distribution over mixed configurations. The aspects of the semantics that are relevant to the 
present paper will be illustrated further in relation to the error correction example. Now we define some 
notation. 

There are two types of transition: probabilistic transitions which take the form SipiSi -w Sj where 
V/.(/7,- < 1), and non-deterministic transitions which have the general form s SfPiSi where V/.(/7, < 1) 
and a is an action. The notation SiPiSj = /Ji • ffl • • • ffl Pn*^n denotes a probability distribution over 
configurations in which = 1. If there is only a single configuration (with probability 1) we omit the 
probability, for example s s'. 

The separation of probabilistic and non-deterministic transitions avoids the need to consider non- 

(X K 

deterministic and probabilistic transitions from the same configuration. The relations — )■ and induce 
a partition of the set ^ of configurations into non-deterministic configurations o5^„ and probabilistic 
configurations Yp-. let = {s e y \ 3n € (0, l],3t G S^,s ^ t]; and let ^„ = ^ \ .^p. By this 
definition a configuration with no transitions belongs to This notation will be used in Section |3] 

2.3 Execution of QECC 

We show the interesting steps in one possible execution of QECC, omitting the new declarations from the 
process terms to reduce clutter. The semantics of CQP is non-deterministic, so transitions can proceed in 
a different order; the order shown here is chosen for presentational convenience. The initial configuration 
is {%;%;Alice \ Noise \ Bob). In the first few steps, the processes execute qbit terms, constructing a global 
quantum state: 

{[y,z,u,v,s,t i-> \0Q^QO0)];y, z,u,v,s,t; Alice' \Noise' \ Bob') 

Alice receives qubit x, in state a|0) + j8|l), from the environment, via transition — , which expands 
the quantum state. We now abbreviate the list of qubits to ^ = x,y,z,u,v,s,t. After some T transitions 
corresponding to Alice\ CNot operations, we have: 

{[q^a\ 0000000) + j8 1 11 10000)] \q;b\[x,y,z] Noise \ Bob') 

Noise' = NoiseErr\ NoiseRnd' (NoiseRnd' has already done its qbit). The output on b interacts with 
the input on b in NoiseErr. Meanwhile, the measurements in NoiseRnd produce a mixed configuration 
because the results are communicated internally, to NoiseErr: 

®y,ie{o,i}l([^^ a|000;100) +i8|111^00)];^; 

A jk • {x*= Xi^} . {y *= XJ^} . {z *= XJ''} .c\[x,yz].0\ Bob'; j,k) 

After z transitions from the controlled X operations, we can write the mixed configuration explicitly: 

li[q^a\ 0000000) + j8 1 11 1 0000) ] ■,q;c\[x,yz] .0\Bob') 
©1([^^ «|0010100)+j8|1100100)];5';c![x,3;,z] .0\Bob') 
©life^ a|0101000)+j8|1011000)];^;c![x,>',z] .0\Bob') 
®l{[q^ a|1001100)+j8|0111100)];5';c![x,3;,z] .0\Bob') 



74 



Analysis of a Quantum Error Correcting Code using Quantum Process Calculus 



The remaining transitions operate within the mixed configuration. In each component of the mixture, 
the measurement of s,t by BobRec has a deterministic outcome, so no further mixedness is introduced. 
Eventually we have a mixed configuration in which the process term is the same, d\[x\ .0, in every 
component, so we can just consider the mixed state, which is 

®j,ke{o.\}\y^y^z,u,v,s,t ^ a\000jkjk) + I5\mjkjk)]. 

The mixture over j\k is the residue of the random choice made by NoiseRnd, and the dependence of s 
and t on j,k is because BobRec's measurement recovers the values of j and k (which is what allows the 
error to be corrected). In this final mixed state, the reduced density matrix of x, which is what we are 
interested in when x is output, is the same as the original density matrix of x. 

3 Behavioural Equivalence of CQP Processes 

The process calculus approach to verification is to define a process System which models the system 
of interest, another process Spec which expresses the specification that System should satisfy, and then 
prove that System and Spec are equivalent. Usually Spec is defined in a sufficiently simple way that it 
can be taken as self-evident that it accurately represents the desired specification. 

What do we mean by equivalent! The idea is that two processes are equivalent if their behaviour is in- 
distinguishable by an observer. That is, if they do the same thing in the same circumstances. Equivalence 
relations in this style are generically called behavioural equivalences. Suppose that = is an equivalence 
relation on processes. The ideal situation is for = to have a further property called congruence, which 
means that it is preserved by all of the constructs of the process calculus. A convenient way to express 
this property involves the notion of a process context C[]. This is a process term containing a hole, rep- 
resented by [], into which a process term may be placed. For example, c7[x] . [] is a context, and putting 
the process <i! [x] . into the hole results in the process c7[x] .d\[x].0. 

Definition 1 An equivalence relation = on processes is a congruence ;/ 

vp,!2.p = e^vc[].c[p]^c[e]. 

This definition of congruence corresponds to the idea that observers are themselves expressed as 
processes. Congruence, in addition to the property of being an equivalence relation, is what is required 
in order to allow equational reasoning about equivalence of processes. It means that if a system satisfies 
its specification, then it continues to satisfy its specification no matter what environment it is placed in. 

From the beginning of the study of quantum process calculus, the aim was to define a behavioural 
equivalence with the congruence property. This was not straightforward and took several years to 
achieve; Lalire [10] describes an unsuccessful attempt. Recently the congruence problem has been 
solved by the first three authors of the present paper 13 for CQP and, independently, by Feng et al. 
S for qCCS. 

We will now present the concept of bisimilarity, which is the main approach to behavioural equiva- 
lence, and then define a particular form of bisimilarity, called probabilistic branching bisimilarity, which 
is a congruence for CQP. 

3.1 Strong Bisimilarity 

The basic idea of bisimilarity is that if two processes are equivalent then any labelled transition by one 
can be matched by the other, and the resulting processes are again equivalent. It is worth presenting the 
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definition of the prototypical example, strong bisimilarity ifTH . as a model for later definitions. The most 
general setting for the definition is to consider a labelled transition system, which consists of a set of 
states and a three-place relation on States x Labels x States, written s — > t. A labelled transition system 
can be regarded as a labelled directed graph whose vertices are the states. We will consider relations on 
the set of states. The definition of strong bisimilarity proceeds in two stages. First we define the property 
of strong bisimulation, which a particular relation might or might not have. 

Definition 2 (Strong Bisimulation) A relation ^ is a strong bisimulation if whenever {P, 2) G ^ then 
for all labels a, both 

1. ifP P' then Q-^Q' and {P',Q') G ^, and 

2. ifQ-^ Q' then P P' and {P' , Q') £ Si. 

For a given labelled transition system there are many relations that have the property of strong bisimula- 
tion, including (trivially) the empty relation. The key idea is to define strong bisimilarity to be the union 
of all strong bisimulations, or equivalently the largest strong bisimulation. In other words, P and Q are 
strong bisimilar (denoted P ~ 2) if and only if there exists a bisimulation M such that (P, Q) E 

3.2 Probabilistic Branching Bisimilarity 

One of the characteristics of strong bisimilarity is that it is a stronger relation than trace equivalence; 
it is possible for two processes to generate the same sequences of labels, but not be strong bisimilar. 
Strong bisimilarity depends on the branching structure of the processes as well as on their sequences of 
labels. Another characteristic is that every transition must be matched exactly, including x transitions. 
However, because they arise from internal communications, it is often undesirable to insist that equivalent 
processes must match each other's T transitions. Hence weaker variations of bisimilarity have been 
defined, including weak bisimilarity [11], which ignores T transitions, and branching bisimilarity [2J, 
which reduces the significance of z transitions but retains information about their branching structure. 

When considering equivalences for quantum process calculus, it is necessary to take probability 
into account; even with the treatment of mixed configurations described in Section |2j there is proba- 
bilistic behaviour when measurement results are revealed to the observer. There are several varieties 
of probabilistic bisimilarity for classical probabilistic process calculi, including probabilistic branching 
bisimilarity llT6l . The equivalence for CQP defined by Davidson ||2l, which turns out to be a congruence, 
is a form of probabilistic branching bisimilarity, adapted to the situation in which probabilistic behaviour 
comes from quantum measurement. A key point is that when considering matching of input or output 
transitions involving qubits, it is the reduced density matrices of the transmitted qubits that are required 
to be equal. 

Although we did not present the full definition of the labelled transition semantics for CQP, we will 
now define probabilistic branching bisimilarity in full. In Section [33J the definition will be applied to 
the error correction example. The definitions in the remainder of this section are from Davidson's thesis 



Definition 3 (Density Matrix of Configurations) Let Oi = \p ^ Wi)] '^^d ^ ^ P si = (a,;«; A;c» 
P;vi) and s = gi Si. Then 



m. 



let 



Notation: Let — > 

=^ be equivalent to 




1. p{ai) = \Yi){Yi\ 

2. p'i{ai) = trp\^{\Yi){m\) 

3. p(s,) =p(a,-) 



4 
5 
6 



p'i{si) = p^{ai) 
p{s) ='Ligip{ii) 
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We also introduce the notation to denote the reduced density matrix of the environment qubits. 
Formally, if s = {[qf-^ \ y)]',P',P) then Pe{s) = p'^{s) where r = q\p. The definition of p£ is extended 
to mixed configurations in the same manner as p . 

Again let be the set of configurations. The probabilistic function /i : ^ x — [0, 1] is defined 
in the style of llT6l . It allows non-deterministic transitions to be treated as transitions with probability 
1, which is necessary when calculating the total probability of reaching a terminal state. pi{s,t) = 71 if 
s ^t; IJ.{s,t) = I if s = t and s G IJ.{s,t) = otherwise. 

Definition 4 (Probabilistic Branching Bisimulation) An equivalence relation ^ on configurations is 
a probabilistic branching bisimulation on configurations if whenever {s,t) G ^ the following conditions 
are satisfied. 

I. Ifs £ yn and s s' then 3t',t" such that t =^ t' -^^ t" with {s,t') G ^ and {s',t") G ^. 

c\[V.q[] ^ ^ c'![V.52] 

//. Ifs — > s' where s' = Sj^^ij„jPjs'j and V = {vi, ... ,v,n} then 3t' ,t" such that t t' — > t" 
with 

a) {s,t') G^, 

b) t" = mj^[y,,„}pjt';, 

c) for each j £ {I, . . . ,m}, psis'j) = Pe (t'J). 

d) for each 7 G { 1 , . . . , m}, {s'j^t'j) G ^. 

III. Ifs ^ s' then 3t',t" such that t =^ t' ^ t" with {s,t') G ^ and {s',t") G ^. 

IV. Ifs G then n{s,D) = }x{t ,D) for all classes D G y/M. 

This relation follows the standard definition of branching bisimulation ^ with additional conditions 
for probabilistic configurations and matching quantum information. In condition II we require that the 
distinct set of values V must match and although the qubit names (^1 and ^2) need not be identical, their 
respective reduced density matrices (p''" {s) and p^-{t')) must. 

Condition IV provides the matching on probabilistic configurations following the approach of lfT6l . 
In this relation, a probabilistic configuration which necessarily evolves from an output will satisfy IV 
if the prior configuration satisfies II d). It is necessary to include the latter condition to ensure that the 
probabilities are paired with their respective configurations. 

Naturally this leads to the following definition of bisimilarity on configurations. 

Definition 5 (Probabilistic Branching Bisimilarity) Configurations s and t are probabilistic branching 
bisimilar, denoted s ^ t, if there exists a probabilistic branching bisimulation M such that {s,t) G 

What we really want is equivalence of processes, independently of configurations (i.e. independently 
of particular quantum states). 

Definition 6 (Probabilistic Branching Bisimilarity of Processes) Processes P and Q are probabilistic 
branching bisimilar, denoted P ^ Q, if and only if for all a, (a;0;P) ^ (a;0;2). 

For convenience, in the remainder of this paper bisimilarity will refer to probabilistic branching 
bisimilarity and it will be clear from the context whether this is the relation on processes or configura- 
tions. The same symbol, ^, is used for both relations. 

It turns out that probabilistic branching bisimilarity is not a congruence because it is not preserved 
by substitution of values for variables, which is significant because of the use of substitution to define 
the semantics of input. We therefore define a stronger relation, full probabilistic branching bisimilarity, 
which is the closure of probabilistic branching bisimilarity under substitutions. 
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Definition 7 (Full probabilistic branching bisimilarity) Processes P and Q are full probabilistic branch- 
ing bisimilar, denoted P i^'^ Q, if for all substitutions K and all quantum states <J, {o;q;PK) ^ {o;q; Qk). 

We are now able to state the main result of Q. 

Theorem 1 (Full probabilistic branching bisimilarity is a congruence) If P Q then for any con- 
text C[], ifC[P] and C[Q] are typable then C[P] C[Q]. 

The condition that C[P] and C[Q\ are typable is used to ensure that the context does not manipulate qubits 
that are owned by P or Q. 



3.3 Mixed Configurations and Congruence 

A simple example will illustrate why the congruence result depends crucially on the use of mixed con- 
figurations. Consider the processes 

P{a-r[Qh\t]) = a?[x:Qbit]. {measure x}.0 
Q{a-r\Qh\t]) = a?[x:Qbit].{x*=H}{measure4.0 

P and Q are probabilistic branching bisimilar, because in any quantum state they can match each other's 
transitions. For input transitions this is because they can both input a single qubit, and for output transi- 
tions it is trivial because neither process produces any output. The actions within each process produce 
T transitions, which are absorbed into the input transitions according to the definition of probabilistic 
branching bisimulation. 

Now consider P and Q in parallel with R{b :^Qbit] ) =b\[q\.(S'm the quantum state [p,q^ ^ ( |00) + 
1 11))]. That is, consider the configurations 

{[p,q^^^{m + \n))];p,q;P\R) ([;,,^ ^ _^(|00) + 1 11))] | /?) 

The interesting situation is when the measurement in P or Q occurs before the output in R. Imagine, 
first, that the semantics of CQP handles the measurement by producing a probability distribution; recall 
that this is not the actual semantics of measurement. \nP\R the quantum state before the measurement 
is -^(100) + |11)) and the state after the measurement is either |00) or |11) with equal probability. The 

'I 0\ /O 0^ 



qubit output by R has reduced density matrix or ^ J . In 2 | /? the quantum state before the 

measurement is ^(lOO) + 101) + |10) — |1 1)) and the state after the measurement is either --^(|00) + |01)) 
or -^(llO) — |11)) with equal probability. The qubit output by R has reduced density matrix ^ ^| | 

or ji ^ ) . It is therefore impossible for P\R and Q\R to match each other's outputs. 



2^-1 1, 

Actually, of course, the semantics of CQP does not produce a probability distribution in this case, 
because the result of the measurement is not output. Instead, from P 1 7? we get the mixed configuration 

l([;.,^^|00)];/7,^;0|Z7![^].0)e^([;?,^^|ll)];/7,^;0|Z>!M.O) (4) 
and from 2 1 /? we get the mixed configuration 

^([p,^^-^(|00) + |01))];p,g;0|Z.!M.0)e^([p,g^-^(|10)-|ll))];p,g;0|Z.![^].0). (5) 
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The calculation of the reduced density matrix of the qubit output by R, taking into account the contribu- 
tions of each component of the mixed configuration, gives in both cases. This enables P \ R and 

Q\R to match each other's outputs, and in fact (although we do not show it here), it is straightforward to 
construct a probabilistic branching bisimulation relation containing {P\R,Q\R). 



3.4 Correctness of QECC 

We now sketch the proof that QECC Identity, which by Theorem [U implies that the error correction 
system works in any context. An interesting consequence is that the qubit being transmitted may be part 
of any quantum state, meaning that it is correctly transmitted with error correction even if it is entangled 
with other qubits; the entanglement is also preserved by the error correction system. This property of 
error correction, although easily verified by hand, is not usually stated explicitly in the literature. 

Proposition 1 QECC *=^' Identity. 

Proof: First we prove that QECC ^ Identity, by defining an equivalence relation ^ that contains the pair 
((a;0; QECC), {a;®; Identity)) for all a and is closed under their transitions. ^ is defined by taking its 
equivalence classes to be the Si{(j) defined below, for all states a. The idea is to group configurations 
according to the sequences of observable transitions leading to them. ^2 is also parameterized by the 
input qubit, as this affects the output qubit and hence the equivalence class. 

Sj{a) = {s I (a;0;P) ^ s and P G {QECC, Identity}} 
82(0, x) = {s I (a;0;P) ^ s and P e {QECC, Identity}} 

Ss{o) = {s I (a;0;P) ^ and P G {QECC, Identity}} 

We now prove that ^ is a probabilistic branching bisimulation. It suffices to consider transitions between 

Si classes, as transitions within classes must be T and are matched by T. If s,t e Si (a) and s — -f s' then 

s' G 52(a) and we find t',t" such that t =^ t' ^ t" with t' G (a) and t" G ^2(0), so {s,t') G M and 
{s' ,t") G =^ as required. Transitions from 5'2(cj) are matched similarly. There are no transitions from 
S3{a). 

There is no need for a probability calculation (case IV of Definition HJl because no probabilistic 
configurations arise; measurement results are always communicated internally, and never to the external 
environment. 

Finally, because QECC and Identity have no free variables, their equivalence is trivially preserved by 
substitutions. □ 



4 Error Correction: A Second Model 

We now consider a different noise model in which random X errors are applied independently to each 
of the three qubits being transmitted. The new definition of Noise is shown below; we use the original 
definitions of Alice and Bob; the overall system is now QECC2. 

NoiseRnd{p Hbit, bit, bit]) = 

(qbit u,v,w) . {u *= H} . {v *= H} . {w *= H} ./^[[measure u, measure v, measure w] .0 
NoiseErr{b HQbit, Qbit, Qbit] , p Hbit, bit, bit] , c :^Qbit, Qbit, Qbit] ) = 

Z7?[x: Qbit,);: Qbit,z: Qbit]. ;7?[j:bit,;t: bit,/: bit]. {x*=X^}.{3;*=X'^}.{z*=X'}.c![x,3;,z].0 
A^o/5e(Z7:^Qbit, Qbit, Qbit], c:^Qbit, Qbit, Qbit]) = (new p){NoiseRnd{p)\NoiseErr{b,p,c)) 
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QECC2{a-r[Qh\t],d:'^Qh\t]) = (new b,c){Alice{a,b)\Noise{b,c) \ Bob{c,d)) 

The threefold repetition code is not able to correct multiple errors, so we do not have QECC2 Identity. 
The error correction system has a probability of ^ of transmitting a qubit with an X error. We can express 
this in CQP by using BitFlip as a specification process: 



and by very similar arguments to before, we obtain: 

Proposition 2 QECCl BitFlip. 

There is still no probability calculation because the results of the measurements in NoiseRnd and Rnd 
are not output. The equal probability of correct and incorrect transmission manifests itself in the fact that 
the reduced density matrix of the final output qubit, from both QECCl and BitFlip, is an equal mixture 
of the input qubit and its inverse. The only way to introduce probability into this example is for Flip to 
observably output j and NoiseErr to observably output the majority value of i,k, I, before the final qubit 
output. 

We know from the standard analysis of this error correction system that if the independent probability 
of flipping each qubit is p < ^, QECCl reduces the overall probability of a bit-flip error to p^{'i — Ip) < 
p. With a slightly more complicated analysis we could also express this property in CQP. 

5 Conclusion and Future Work 

We have explained the use of the process calculus CQP, and its theory of behavioural equivalence, in 
analyzing the correctness of quantum communication systems. We have summarized the theory, which 
is presented in full detail in [2J, and given two examples based on a simple quantum error correcting 
code. 

Quantum error correction can easily be analyzed by pen and paper, but the point of process cal- 
culus is that it forms part of a systematic methodology for verification of quantum systems. In par- 
ticular, the congruence property of behavioural equivalence explicitly guarantees that equivalent pro- 
cesses remain equivalent in any context, and supports equational reasoning. For example: we have 
shown that QECC Identity; there is a proof in 121 that Teleport Identity; so we have, for free, 
that QECC Teleport, in any context. Because CQP can also express classical behaviour, we have a 
uniform framework in which to analyze classical and quantum computation and communication. 

The next steps for this line of research are to develop equational axiomatizations of behavioural 
equivalence, in order to reduce the need to explicitly construct bisimulation relations, and to develop 
software for automatic verification of equivalence. Both of these techniques are already well established 
for classical process calculus. 
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